Vulnerability Alerts

CVEs, zero-days, exploits, and security advisories

All Feeds Attack & News Gov Alerts / ISAC Vulnerability Alerts Privacy & Governance Fraud & Scams

363 articles

VULNhighZero Day Initiativeabout 2 months ago

ZDI-26-283: GStreamer qtdemux Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this…

VULNhighZero Day Initiativeabout 2 months ago

ZDI-26-282: GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is requir…

VULNhighZero Day Initiativeabout 2 months ago

ZDI-26-281: Microsoft vcpkg OpenSSL Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on applications built using the Microsoft vcpkg port of OpenSSL.…

VULNhighZero Day Initiativeabout 2 months ago

ZDI-26-280: (Pwn2Own) HP DeskJet 2855e JobStatusEvent Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of HP DeskJet 2855e print…

VULNhighZero Day Initiativeabout 2 months ago

ZDI-26-278: Microsoft Windows win32kfull Improper Locking Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must…

VULNhighZero Day Initiativeabout 2 months ago

ZDI-26-276: Microsoft Windows Secure Kernel Double Free Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must…

VULNhighZero Day Initiativeabout 2 months ago

ZDI-26-275: Microsoft Qlib _mount_nfs_uri Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Microsoft Qlib. Authen…

VULNhighZero Day Initiativeabout 2 months ago

ZDI-26-274: Microsoft Qlib fit Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Qlib. User interaction…

VULNhighZero Day Initiativeabout 2 months ago

ZDI-26-273: Microsoft Olive Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Olive. User interactio…

VULNhighZero Day Initiativeabout 2 months ago

ZDI-26-272: ATEN Unizon RpcProvider Missing Authentication Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of ATEN Unizon. Authe…

VULNhighZero Day Initiativeabout 2 months ago

ZDI-26-270: TrendAI Apex One Console Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex One. Authentica…

VULNhighZero Day Initiativeabout 2 months ago

ZDI-26-269: TrendAI Apex One Console Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex One. Authentica…

VULNhighZero Day Initiativeabout 2 months ago

ZDI-26-268: Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Samsung MagicINFO 9 Server. An attac…

VULNhighZero Day Initiativeabout 2 months ago

ZDI-26-267: Malwarebytes Anti-Malware Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Malwarebytes Anti-Malware. An attack…

VULNhighZero Day Initiativeabout 2 months ago

ZDI-26-263: Adobe ColdFusion subscribeToEndpoints Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Adobe ColdFusion. Authentication…

VULNhighZero Day Initiativeabout 2 months ago

ZDI-26-262: Adobe ColdFusion deleteVersion Directory Traversal Arbitrary File Deletion Vulnerability

This vulnerability allows remote attackers to delete arbitrary files on affected installations of Adobe ColdFusion. Although authe…

VULNcriticalZero Day Initiativeabout 2 months ago

ZDI-26-260: (0Day) Docker Desktop System Editor Uncontrolled Search Path Element Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop. An attacker must fir…

VULNcriticalZero Day Initiativeabout 2 months ago

ZDI-26-259: (0Day) Docker Desktop cli-plugins Incorrect Permission Assignment Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop for Windows. An attac…

VULNcriticalZero Day Initiativeabout 2 months ago

ZDI-26-258: (0Day) Docker Desktop extension-manager Exposed Dangerous Function Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop for Windows. An attac…

VULNhighZero Day Initiativeabout 2 months ago

ZDI-26-271: Avast Premium Security Gen Self Protection Driver Exposed Dangerous Function Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. An attacker…

VULNhighZero Day Initiativeabout 2 months ago

ZDI-26-291: NI LabVIEW LVCLASS File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI LabVIEW. User interaction is…

VULNhighZero Day Initiativeabout 2 months ago

ZDI-26-279: Microsoft Windows Snipping Tool Improper Input Validation Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interact…

VULNhighZero Day Initiativeabout 2 months ago

ZDI-26-277: Microsoft Windows afd.sys Race Condition Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must…

VULNhighZero Day Initiativeabout 2 months ago

ZDI-26-264: Adobe ColdFusion fetchCFSettingFile Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe ColdFusion. Authen…

VULNcriticalZero Day Initiativeabout 2 months ago

ZDI-26-261: (0Day) Docker Desktop credentialHelper Directory Traversal Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop. An attacker must fir…

VULNhighZero Day Initiativeabout 2 months ago

ZDI-26-265: Fortinet FortiWeb cgi_buf_alloc Integer Overflow Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Fortinet FortiWeb.…

VULNhighZero Day Initiativeabout 2 months ago

ZDI-26-266: Fortinet FortiWeb cat_cgi_paths Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fortinet FortiWeb. Authenticatio…

VULNcriticalZero Day Initiative2 months ago

ZDI-26-255: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. U…

VULNcriticalZero Day Initiative2 months ago

ZDI-26-254: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. U…

VULNcriticalZero Day Initiative2 months ago

ZDI-26-256: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. U…